Sharp probability estimates for Shor's order-finding 

algorithm 



P. S. Bourdon^ and H. T. Williams^ 



Abstract: Let be a (large) positive integer, let b be an integer satisfying 1 < 6 < 
that is relatively prime to N, and let r be the order of b modulo N. Finally, let QC be a quantum 
computer whose input register has the size specified in Shor's original description of his order-finding 
algorithm. We prove that when Shor's algorithm is implemented on QC, then the probability P of 
obtaining a (nontrivial) divisor of r exceeds .7 whenever > 2^^ and r > 40, and we establish that 
.7736 is an asymptotic lower bound for P. When N is not a power of an odd prime, Gerjuoy has 
shown that P exceeds 90 percent for A'^ and r sufficiently large. We give easily checked conditions 
on A'^ and r for this 90 percent threshold to hold, and we establish an asymptotic lower bound for 
P of 2Si(47r)/7r « .9499 in this situation. More generally, for any nonnegative integer q, we show 
that when QC(g) is a quantum computer whose input register has q more qubits than does QC, 
and Shor's algorithm is run on QC{q), then an asymptotic lower bound on P is 2Si(2''"'"^7r)/7r (if 
A'^ is not a power of an odd prime). Our arguments are elementary and our lower bounds on P are 
carefully justified. 



1 Introduction 



In this Introduction, we assume readers are familiar with Shor's algorithm for finding the order of 
an integer b relative to a larger integer A^ to which b is relatively prime. The algorithm is reviewed 
in the next section. 

The goal of Shor's algorithm is to find the least positive integer r such that 6^ = 1 (mod A^); 
that is, to find the order of b modulo A^. In jHUHI, Shor describes an efficient algorithm to accomplish 
this task that runs on a quantum computer whose input register has n qubits, where n is chosen to 
be the unique positive integer such that A^^ < 2" < 2A^^. The final quantum-computational step 
in Shor's algorithm is measurement of the input register in the computational basis. One obtains 
an n-bit integer y, and the key calculation at this point is the probability that y satisfies 



(1) 



32' 



< — for some s £ {1, 2, . . . r — 1}. 



Lower bounds for this probability, for sufficiently large A^ and r, are typically given at around 40 
percent along with 4/7r^ as an asymptotic lower bound (see, e.g., [HI p. 1500], P, P- 58], [Sj 

^Department of Mathematics, Washington and Lee University, Lexington, VA 24450; pbourdon@wlu.edu 
^Department of Physics and Engineering, Washington and Lee University, Lexington, VA 24450; 
williamsh@wlu.edu 



1 



Chapter 3]). We find a precise formula for the probabihty that y belongs to 



5 := nint ( - — ) : s = 1, 2, 3, . . . , r — 1 



r 

and thereby satisfies Here, nint is the nearest-integer function. We use our probability formula 
to show that the integer y obtained by Shor's quantum computation will belong to S with proba- 
bility exceeding 70%, as long as iV > 2^^ and r > 40. In fact, we show that the probability P that 
y belongs to S will exceed 70% as long as • 2^^ < 2" and r > 40. Moreover, we show that 

4(-2 + 7rSi(7r)) ^ 0.7737 

provides an asymptotic lower bound for P. Here Si is the sine-integral function Si(3;) = dt. 
Note that we may assume both r and are large; otherwise, there is no reason to resort to quantum 
computation to find r. 

Efficient order finding leads to efficient methods for factoring composite integers (see, e.g., [HI 
§5.3.2]). Interest in the factoring problem is especially great for composite integers of the form pq, 
where p and q large distinct primes — the ability to factor such integers is equivalent to the ability 
to read information encoded via the RSA cryptography system (see, e.g, [51 ). When A*" is not a 
power of a prime, Gerjuoy ([2]) shows that Shor's algorithm (input register having n qubits where 
N'^ < 2'"' < 2N'^) succeeds in finding a divisor of r with probability exceeding 90%, given A^ and 
r are sufficiently large. (Here and in the sequel, by "divisor of r" we mean a divisor exceeding 1.) 
The key lemma for Gerjuoy's work is that r < N/2 whenever A^ is not a power of a prime. (See 
[21 Appendix B] for an elementary proof of this fact in case N = pq, where p and q are distinct 
odd primes; we provide a general argument in Section |21 below.) This lemma allows Gerjuoy to 
establish that Shor's algorithm finds a divisor of r whenever the integer y observed at the conclusion 
of quantum computation belongs to 



S :-- 





s2" 




y 




r 



< 2 for some s G {1, 2, . . . , r — 1}| 



In Section El of this paper, we apply our methods to find a precise formula for the probability P 
that y belongs to S. We then use the formula to describe conditions on r and A^ that will ensure 
P exceeds 90% and we show that 

2Si(47r) 

^ — '- « 0.9499 

vr 

is an asymptotic lower bound for P. 

In the final section of this paper, we extend our results to the case where the quantum com- 
puter "QC(q)" implementing Shor's algorithm has n + q qubits in its input register, where g is a 
nonnegative integer and where, just as before, A^^ < 2" < 2A^'^. Again assuming that A^ is not a 



2 



power of a prime (so that Gerjuoy's lemma applies), we show that when Shor's algorithm is run on 
QC(q), an asymptotic lower bound on the probability of finding a divisor of r is 

2Si(22+%) 
vr 

When g = 3, our asymptotic bound exceeds 0.993. Also, when g = 3, we give easily checked 
conditions on r and N that will ensure the probability of success exceeds 99 percent. 

We remark that phase-estimation analysis, as it is described in in |^ (see the paragraph con- 
taining (5.44) on page 227), assures that the 99 percent threshold is reached when q = 5 {N not a 
power of a prime), or when q = 7 {N arbitrary). 

2 Preliminaries 

Our probability analysis depends on some elementary number theory; specifically, the following two 
lemmas. In these lemmas, r is a positive integer exceeding 1. 

Lemma 1 Suppose that t is a positive integer less than r which is relatively prime to r and that k 
is a positive integer; then {{kr + s)t (mod r) : s = 1, 2, . . . r — 1} = {1, 2, . . . , r — 1}. 

Proof. Define / : {1, 2, . . . , r - 1} ^ {1, 2, . . . , r - 1} by 

/(s) = {kr + s)t (mod r) = st (mod r). 

To prove the lemma, it suffices to show / is one-to-one. Suppose f{si) = f{s2), then 

(si — S2)t = (mod r). 

Since t is relatively prime to r, the preceding equation shows that r must divide si — S2, 
but since |si — S2I < r, we must have si — S2 = 0. Hence / is one-to-one, as desired./ / / 

Lemma 2 Suppose that 2" exceeds r and r = 2^r', where k is a nonnegative integer and r' is a 
positive odd integer exceeding 1. Then there exists an integer q and a positive integer t less than r' , 
relatively prime to r' , such that 

2" t 

— = q + -- 

r r 

Proof: Note 2"/r = 2"~'^/r'. Let q be the integer quotient that results when 2'^~^ is 
divided by r' and let t be the remainder: 

— — =q + t/r'. 

T' 
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It follows that 2" = qr' + t, and this equation shows that if t and r' had a common 
divisor exceeding 1 (necessarily odd since r' is odd), then that common divisor would 
be a odd number greater than 1 dividing 2""'^, which is absurd. The lemma follows.// / 

Let Z+ denote the set of positive integers. For the remainder of this paper, b and denote 
elements of Z"*" such that b < N and b is relatively prime to A^. Let r be the order of b modulo 
N: ¥ = 1 (mod A^) and r is the least positive integer for which this equation holds. It is easy to 
show such an r exists and that r < A^.^ Also, since 1 < 6 < A^, r must be greater than 1. We now 
describe Shor's quantum algorithm, which is designed to compute the order r of b. 

We focus on the transformations and measurements of the input and output registers of the 
machine implementing the algorithm, ignoring any work-register activity. The machine has input 
register having n qubits, where n is the least positive integer such that 

Af2 < 2" < 2Af2. 

Its output register will have no qubits, where ng is the least positive integer for which A^ < 2"^°. 
(It's easy to check that either n = 2no or n = 2no — !•) Note that the size of the output register 
allows it to hold any of the r integers in the set {P (mod A^) : x = 0, 1, 2, . . . , r — 1}. 

The machine begins in state |0)„|0)„„. Then Hadamard gates are applied to each of the n qubits 
in the input register to put the machine in state 

-j^ 2"-l 
W2 X! k)n|0)no- 

Then the unitary transformation that takes 

|x)„|0)„o to |x)„|6^(mod Ar))„o,xE {0,1,2,...,2"-1}, 
is applied, yielding the machine state 

(2) i E \x)nr{modN)U. 

The next step in the algorithm, as described by Shor Pj , is the application of the quantum Fourier- 
transform to the input register. However, to limit the number of summations that appear in our 
work, we will, at this stage, follow David Mermin ^5;, Chapter 3] and measure the output register. 
When this measurement is made on the machine in state we obtain an ng-bit integer J. Observe 
that there must be exactly one integer xq in {0, 1, 2, . . . , r — 1} such that 6^° = J (mod A^) and 

■^In fact, r must divide cj>{N)) where 4>{N) denotes the number of positive integers less than A'' that are relatively 
prime to A'^. 
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that every x G {0, 1, . . . , 2" — 1} such that = J (mod A^) has the form xq + kr for some integer 
k in {0, 1, 2, . . . , m — 1}, where 

(3) m = 

(Here, [lo] represents the least integer greater than or equal to the real number w; later we use 
[w\ to represent that greatest integer less than or equal to w.) For future reference, observe 

(4) 1 <m < hi. 

r r 

Thus, after measuring J in the output register, the machine's input register is in state 

m—l 



(5) V l/cr + xo)n 



We can think of the input register's state as 1/y/rn times a vector of O's and I's, which has I's in 
positions kr + xq for k £ {0, 1, 2, . . . , m — 1} and zeros elsewhere. Thus the input register contains 
values of a periodic {0, 1 / ^/rn}-valued function, having period r. By taking the quantum Fourier- 
transform of the input register, we (hope to) obtain information about the fundamental frequency 
1/r and its overtones s/r, s = 2,3, ... ,r — 1. After applying the quantum Fourier-transform, the 
input register is in state 

, 2"-l m-1 
^/2^ y=0 k=0 

Here we are following Mermin 5, Chapter 3], even notationally. 

The final step in the quantum-computational part of Shor's algorithm is measurement of the 
input register, which yields and n-bit integer y. The key calculation at this point is the probability 
that the integer y G {0, 1, 2, . . . , 2" — 1} measured will belong to 

(7) S=|nint(^^^ :s = l,2,3,...,r-l 

This calculation is carried out in the next section. 



3 An Exact Probability Calculation 

For each s G {1, 2, . . . , r — 1}, let 



ys = nint I 



r 



We seek to compute 
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P := the probability that the n-bit integer y observed via measurement of the quantum 
system in state ^ belongs to S = {ys : s = 1, 2, . . . , r — 1}. 

If y does belong to S, then Shor jSJ IH] explains how to use that information to find a divisor of r 
(in an efficient way). He depends on a classical result in number theory that states that if y is an 
integer such that 

' y 



(8) 



< — 7j for some s € {1, 2, 
2r^ 



1}, 



then one can obtain, via the continued- fraction expansion of y/2", a rational number |, in lowest 
terms, such that | = ^; hence, r = |f and f is a divisor of r. If s happens to be relatively prime 
to r, then the order r is determined. Note that if y = is an element of S, then 



s2" 



y 



< 



1 

2' 



so that \y/2"- — s/r\ < j^t^ ^ 2^ ^ 2r^" Thus observing an integer from S at the conclusion 
of quantum computation will yield a divisor of r. The probability of finding r itself, as the least 
common-multiple of divisors found, rises quickly to 1 with the number of different divisors known. 

It follows from © that the probability p{ys) that will be observed is 

2 

,sG{l,2,...,r-l}, 



p{ys 

which may be rewritten, 

(9) p{ys) 



2'^m 



m— 1 

^ ^2nikrys/2" 
k=0 



m—l 



E inikr ( 
e 2" \y 



k = 



,se{i,2,... 



1}, 



because e 2 



ikr /„ 

— [y 



g27rifcrj/,/2"g-27rifcs ^ g2«fcry,/2" f^^, ^^^-^ ^_ Let 



(10) 6s 

which allows us to re-express © as 

1 



sT 
r 



s2 



n—k 



(11) 



p{ys 



2"m 



m—l 

E 2'KikrSs 



k=0 



,sG{l,2,...,r-l}. 



Representation (jllj) of p(ys) can be simplified by using the formula for the partial sum of a geometric 



series {J2 



m—l 



1=0 



W 



(1 — ?x;™)/(l — w)] one obtains that for every s G {1, 2, , 



1} 



(12) 



p{ys 



e 2" 



1 sin2(H|£5. 



2"m 



1 - e 2" 



2"m gij^2 



V 2" y 
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In our calculation of P, we will assume only that the number n of qubits in the input register 
exceeds no, the number in the output register. Observe that this ensures that 2"/r > 2"'""'' > 2. 
It follows that the set S of Q consists of r — 1 distinct elements, and thus 



r-l 



(13) P = Y,p{ys). 

s=l 

Also note that there is no ambiguity in the value of nint {s2^ /r) for s = 1, 2, . . . , r — 1 because 
s2"/r can never be a half-integer. 

We consider the simplest case first: ^ is an integer. In this case, ys = nint = and 

therefore (5s = for each s. It follows from Ullj) that p{ys) = ^ for every s and thus 

(14) P=(r-1)^. 

Using the lower bound on m from it is easy to show 

1 r- 1 

(15 P>1 — . 

^ ' r 2" 

This exceeds .95 if, e.g., r > 25 and n > 15. 

We now address the more challenging, more interesting case: ^ is not an integer. Note that in 
this case, there must be a nonnegative integer k such that 

(16) r = 2^r' , where r' is odd and exceeds 1. 

Suppose that k is positive so that r is even. Then appearing in the sum over s in ()13|) are values 
of s that are multiples of r': r' ,2r' , {2^ — l)r'. For each of these values, ys = nint = 

nint ^2"~^'p-^ = 2"~^p- and therefore (5s = for each such s. Thus we have from (|11() 

Observation 1: The total contribution to P from multiples of r' is {2^ — 1)^. 

The remaining s values, i.e. those that are not multiples of r', consist of 2^ sequences, each with 
r' — 1 terms: 

(17) (1, 2, / - 1), (/ + 1, / + 2, 2/ - 1), . . . , ((2^ - 1)/ + 1, (2^ - 1) + 2, 2^' - l) . 

We will show that the contribution to P from each sequence is the same. 

Note that Observation 1 is valid even if k = and that the assertion made in the preceding 
paragraph is trivially true since there is only one sequence in (|17|) in this case. 
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Apply Lemma 121 to represent ^ as q + t/r' where g is a positive integer and t < r' is relatively 



prime to r'. Consider the collection 

S' := {y, :sG{l,2,...,r'-l}} 



nint 



s2' 



:sG{l,2,...,r'-l} 



|nint(^sg+^^ :sG{l,2,...,r'-l}| 



Apply Lemma^ with /c = to see that st ^ (mod r') for each s G {1, 2, . . . , r' — 1}. Hence, for 
each such s, st = Qsv' + jg for some nonnegative integer Qs and some js G {1, 2, . . . , r' — 1}. Thus 

(18) 5' = jnint (^sg + + : s G {1, 2, . . . , r' - 1}| . 

Let s e {1, 2, . . . , r' - 1}. Observe that if 



(19) 
If 

(20) 



js < 



js > 



, then Us = sq + qs and ys = -Js/r . 

r 



s2" r'-js 

then Us = sq + qs + l and ys = ; — 



LemmaHtells us that as s varies from 1 to r' — 1, the integers js appearing in the representation 
^ = sq + zj = sq + qs + 'Ij will also vary from 1 to r' — 1. Thus, in (|TK|) 



4:sG{l,2,. ..,/-!} 



1 2 



r'- 1 



^1 fyi ry^f 



Thus Lemma n (with /c = 0), combined with observations ()19|) and H2U|) . yields 



(21) 



r s2" , 1 ri 2 |rV2n 



and that for a given Z G {1, 2, . . . §-J }, there are exactly two integers si and S2 in {1, 2, 3, . . . , r' — 1} 



such that |ysi 



si2" I 



//r' and \ys 



l/r' . Now suppose that r' < r; in other words, the 



integer k in (|16j) is positive. Let A; be any integer satisfying 1 < < 2^^ — 1. The analysis of the 
preceding two paragraphs, with Lemma [21 applied as stated, shows that 



(22) 



f s2" . , , . , 1 r 1 2 \r'/2\ ^ 

ys : s = kr' + l,kr' + 2,..., kr' + r' -1\ = \ 



with each element of the set on the right corresponding to \ys — for exactly two values of s in 
the range kr' + 1 to kr' + r' — 1. 
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Using the definition of 5s from (fTUIl as well as (PT|) and (P^. we see that for any k with 
< /c < 2^= - 1, 



(23) 



kr'+q I 



l,2,...,r'-l}= 4:i = l'2,..., 



r' 


1 


_2. 





with each member of the set on the right corresponding to [(J^r'+gl for exactly two values of g G 
{1, 2, . . . , r' — 1}. Thus we have 

Observation 2: the contribution to P from from any one of the sequences in (|17|) . 
which would take the form Y7q=i viVkr' +q) for some /c € {0, 1, . . . , 2*^ — 1}, is given by 



(24) 



E 



sm 



sin2 



/ ■iTmr{j /r') \ 

( 7rr(j/r') \ 
V 2" y 



2 Msin2 



\2n-k ) 



(25) 



where we have used ()12[). 
Combining Observations 1 and 2 leads us to a final form for the exact probability: 

/ nmj \ 



P = 2' 



2 Lr;72Jsin2 



E 



m 



.tl sin^ (^) 



+ (2'=-!)^ 



2n 



Note that the preceding formula is valid even when ^ is an integer, provided we take r = 2^r', 
where r' = 1, and we follow convention and interpret the sum from j = 1 to j = = to be 0. 



4 Lower Bounds on the Probability of Success 

In this section, we discuss two different ways of obtaining lower bounds for 

.-1 sin^ (^) ^2^^' 

where r < < 2"", 2^r' = r with r' > 3 odd (and k > 0), and ^-l<m,<^ + l. Our 
first method of bounding P below uses elementary inequalities based on the Maclaurin series for 
the sine function and requires only that n > uq. Our second method provides an integral-based 
underestimate and requires A^^ < 2" (Shor's condition). The lower bounds presented below are 
rigorously justified in Appendix B. 
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To derive a series-based lower bound for P, we use the following elementary inequalities: 



(26) 



sin^ X < x'^ for all x, and sin^ x > ix ^ 1 for, say, x G 



We obtain (see Appendix B) 



1 1^ 



(27) P > ( 1 
and 
(28) 



2n.-no 7- 



vr^ /r + 1 _^ 1 



+ 



1 



36 V r 2"'-"-o-i 22("-"o) 



if A; = (r,odd), 



1 1\ / 7rVr'+ 1 1 1 

P > (l-:r^-^ : I I 1 - — I + ^„ o + 



2"— no 7"' 



+ 



36 V 2"^"o^2 22("-"o)-i 



1 1 



1 



if A; > (r, even) 



Assuming that n — uq > 11 and r > 40, one can show (Appendix B) that the right-hand side 
of either (P7|) or (^51) exceeds 0.70. Thus if Shor's algorithm is carried out with an input register 
having the size described in Shor's original paper, then the probability of finding a divisor of the 
period sought exceeds 70% (as long as r > 40 and N > 2^^). 

Note that as r and n — hq approach oo in our lower bound formula (|27j) for odd r, we get an 
asymptotic lower bound on P of (1 — 7r^/36) ~ 0.726. A sharper asymptotic bound is provided by 



(29) 



P > 



1 



7r2 



1 + 



N 



1 

2r' 



sin^(7r2;) 



dx 



l/r' 



N 



+ 



1 



1 



2^7 



an inequality proved to be valid in Appendix B (assuming A^^ < 2"). By letting r' and approach 
infinity, we obtain 



vr2 JO 



sin (vrx) 



dx = — (-2 + -KSi{-K)) 0.7737 



x^ 

as an asymptotic lower bound for P. 

Consider the function F{N, k,r') defined by the right-hand side of (|29)) . It is clear that if either 
of A; or A^ increases, so does F. Additionally, the partial derivative of F with respect to r' is 
positive (whenever A^ exceeds, say 9) and thus F increases in r' as well. F exceeds 0.75 when 
N = 2^1, r' = 75, and k = 0. Thus if one uses a classical computer to check that the order r of 6 
modulo A^ doesn't have the form 2^c where c is an odd number satisfying 1 < c < 73, and A; is a 
nonnegative integer for which 2^c < N, then one can be over 75% certain of success. Note there are 
fewer than 371og2(A^) numbers to check so that the checking may be done efficiently on a classical 
computer. The 0.77 success-rate threshold is reached by, e.g. A^ = 2^^, r' = 447. 
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5 Order-finding when N is not a power of a prime 



In this section, we assume that is not a power of prime, that b is an integer satisfying 1 < b < N 
which is relatively prime to N, and that r is the order of b modulo A^. In this situation, Gerjuoy 
(12]) has shown that Shor's algorithm succeeds in finding a divisor of r with probability on the 
order of 90% (given that and r are sufficiently large). As we mentioned in the Introduction, the 
key to Gerjuoy's work is his use of the following lemma: 



Lemma 3 (Gerjuoy) // A^ is not a power of a prime and b is relatively prime to N , then the 
order r of b modulo N must satisfy 

N 

Gerjuoy |H Appendix B] provides an elementary proof of the preceding lemma in case A^ = pq, 
where p and q are distinct odd primes. The general result may be established as follows. The 
collection of all integers less than A^ and relatively prime to A'" forms a group under multiplication 
modulo A^. This group, frequently denoted U{N), contains (^(A^) elements, where is the Euler 
(f) function. A well-known number-theory result (see, e.g., ^ Proposition 4.1.3]) shows that U{N) 
contains an element having order 4>{N) modulo N if and only if A'^ is 2 or 4 or has the form p' or 
2p^ , where p is an odd prime and j G Z+. Thus if A^ is a not a power of a prime, then either 



(i) U{N) contains no element of order </>(A^), or 

(ii) A^ = 2p^ for some positive integer j and some odd prime p. 



Suppose that (i) holds, that b £ U{N), and that b has order r modulo A''. Since the order r of 
b must divide the number of elements in U{N) (;.3,, p. 43]) and since r ^ (p{N), we must have 
4>{N) = kr for some integer k > 2. Hence 

r = ^{N)/k < <l){N)/2 < N/2, 

as desired. Suppose that {ii) holds. Then U{N) does contain elements of order (j){N); however, 
an easy calculation shows (p{2p^) = p^ — p^~^, which is less than N/2. Thus in case (ii) holds, all 
elements of U{N) have order less than N/2, which completes the proof of the lemma. 

Gerjuoy [Ij explains how LemmaOlshows that a divisor of r may be extracted from the integer y 
observed at the conclusion of Shor's quantum computation for a larger collection of y's than those 
contained in the set S of integers nearest s2'^/r, s = 1, 2, . . . , r — 1. Specifically, he shows that if 
one observes an integer y satisfying 



(30) 



s2" 

y 

r 



< 2 for some s G {1, 2, ... r — 1}, 
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then one can obtain a divisor of r. To see why this is so, recall from 
computation is to find an integer y satisfying 

1 



that the real goal of the 



(31) 



Note that if (|3()|) holds and Lemma 01 applies (so that 2r < A^), then 



< — K for some s G {1, 2, . . . , r 
2r^ 



!}• 



y 



^2^2 2 _ 1 

- 2" - iV2 ^ (2r)2 ~ 2^' 



so that knowledge of y means knowledge of a divisor of r. 

Thus, given that N is not a prime power, Gerjuoy establishes that Shor's computation is 
successful provided the integer observed belongs to 



S 





s2" 




y 




r 



< 2 : s = 1,2, 



1 



N/2) = 2N so that 

/nn 

< 2, given 



y 



Observe that the gap between successive values of s2"/r exceeds 2"/r > N'^/ 
the set of integers satisfying y — ^ < 2 will be disjoint from those satisfying 
s' + s. 

We now describe the elements of S relative to the nearest integers ys (introduced earlier) and 
calculate the exact probability that the integer y observed at the end of the Shor computation will 
belong to S. 

Recall that for each s S {1, 2, . . . , r — 1}, ys = nint (s2"/r). Note that if ys < s2"'/r, then S will 
contain, in addition to ys, the integers ys + 1, ys + 2, and ys — 1- Similarly, if yg > s2"'/r, then S will 
contain y^, ?/s + l, J/s — 1, and ?/s — 2. Finally, if s2^ /r is an integer (so that in the notation of Sectional 
s = kr' for some k satisfying 1 < A: < 2^^ — 1), then S will contain yg — 2, — 1, y^, ys + 1, + 2. We 
have computed the probability P that the integer observed belongs to set {ys : s = 1, 2, . . . , r — 1}, 
where = nint (s2"'/r). Similar methods will allow us to compute the probability that integers of 
the form ys + h, h £ {—2, —1, 1, 2} will be observed. In fact, we compute the probability the ys + h 
is observed for any integer /i, but in this section will focus only the < 2 case. 

Let h € {—2, —1, 1, 2} and s G {1, 2, . . . , r — 1} be arbitrary. Substituting ys + h for y^ in ® and 
using the definition of 5s in (|T?1|) . we obtain the probability p{ys + h) that ys + h will be observed: 



(32) p{ys + h) 



2"m 



m— 1 
A:=0 



2-Kikr(h+5a) 



1 



sm 



/ TTmr{h+5s) \ 

\ 2" ; 



2"m gi]^2 



SE{1,2,... 



1}, 



which should be compared to ()11|) and (|12() . Let P/^ 
did P: 

r-l 



( ■KT{h+5s) \ 

\ 2" ) 

Z]s=iP(ys + We compute just as we 
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2"-! /r'-l 



fc=0 \5=1 
(r'-l 



k=l 



2"-! 

E 

fc=0 



sm 



E - 

Z-^ on 



2 f 7rmr(fe+gfc^,^^) \ \ 



1 ^""^ sin^ ( 



+ 



1 sin2 (^) 



2"m sin2 



V 2" J 



where we have used (|32|) to obtain the final equahty above. RecaU from l|19|) . (|20|) . and (|23|) that 
{(Jfcr-'+g : g = 1, 2, . . . r' - 1} = {j7r' : j = 1, 2, . . . , LrV2j } U {-j/r' : j = 1, 2, . . . , LrV2j }. Thus, we 
can say 



2"-! 



1 



E I E 



k=0 



- sin2(ir(^L^) 



+ E 



J 



i=i sm 



2 / nr{h-j/r') \ 
V 2" y 



+ 



I sm" 



( ixmrh \ 

\ 2" ; 



2"m sin2fz-^ 



Observe that Ph is an even function of /i, i.e., Ph = P-h- Thus we can say that the probabihty 
of observing an integer in S is 

(33) P + 2Pi + Pt, 

where Pt is the probabihty that the fohowing integers are observed: (a) Us + 2, given s2^ /r > y^, 
or (b) Us — 2, given s2"/r < y^, or (c) both ?/s + 2 and — 2, given s2"/r is an integer. We have 



2"-! 



1 



Pt = 2 y y 



2 / 7rr(2-j/r') 



+ 2- 



\ sm' 



/ ■nmr2 \ 
\ 2" y 



2"m gijj2 



V 2" y 



j=i sm" (- 2" 

Using our formulas for P, Pi, and Pt, and doing a bit of rearranging, we obtain the following as 
the probability that an element of S will be observed: 

o 1 L^'/2J sin2 ^ -^^rjjjr'+h) ' 



(34) 



2"m 



E E 



2" 



h=-2 3=1 sm 1^ T^'l 



+ (2^ - 1 — 



+ 2 



2fc _ ^ sin2 (^) ^ ^2^ - 1 sin' (^) 



2"-m gij^2 



V 2" y 



2"m gij^2 



/ 7rr2\ 
V 2" ) 



In Appendix A, we present a numerical calculation illustrating the correctness of our formula 
for P. In Appendix B, we obtain the following lower bound for P: 

^2 



(35) 



P > 



1 



1 



1 + 



1 

2N 



E 

h=-2 



sin (vrx) 
(x + hf 
7 



dx 



1 



16 



2Ar 2V 
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As r' and approach infinity, we obtain an asymptotic lower bound of 

^ . , 2 fi sin^fvrx) \ 2Si(47r) 
(36) 7 -r^ dx = ^ — - w 0.9499. 




Clearly, the quantity on the right-hand side of (|35|) increases as any one of r', N, or k increases. 
This quantity exceeds 0.90 when N = 2^^,r' = 59, and k = 0. Thus if one uses a classical computer 
to check that the order r of 6 modulo N doesn't have the form 2^c where c is an odd number 
satisfying 1 < c < 57, and A; is a nonnegative integer for which 2^c < N, then one can be over 90% 
certain of success. Note there are fewer than 291og2(A) numbers to check so that the checking 
may be done efficiently on a classical computer. The 0.94 success-rate threshold is reached by, e.g. 
N = 2^^, r' = 299. 

We remark that the trig identity sin^(7rx) = sin^(7r(x + h)) (for h, an integer) along with some 
elementary calculus shows that the sum of integrals on the left of equals 



vr^ Jo 



^ sin^fvrx) 



dx 



which via appropriate trig identities and substitutions yields HMIeI 



6 Probability Calculations for Larger Computers 



Just as in the preceding section, we assume that is a (large) positive integer that is not a power 
of a prime, that 6 > 1 is an integer than A^, relatively prime to N, whose order r (modulo N) we 
seek. Note that Gerjuoy's lemma remains in force: r < A/2. Just as before, let n be the positive 
integer satisfying A^^ < 2" < 2A^^ so that n is the number of qubits Shor originally specified for 
the input register of the quantum computer "QC" running his order-finding algorithm. For each 
nonnegative integer q let QC(q) be a quantum computer having input register of size n + q qubits. 
Let 





s2"+9 


{■ 


y 




r 



< 2^+"^ for some s G {1,2, 



1} 



Observe that if y £ Sg then for some s £ {1,2,, 



1}, 



2"+<? 



< 



1 



^ 2 ^ 

- 2" ~ A2 " (2r)2 ~ 2r2 



so that if the integer y, observed at the end of the Shor computation on QC(q), belongs to Sg then 
the computation will be successful in the sense that a divisor of r (exceeding 1) will be found. 
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Let Pq be the probability that a integer y in Sq is observed. (Note Sq = S and Pq = P-) 
GeneraHzing the computations in the preceding section in the obvious way, we obtain the following 
analogue of (jHU): 

- 2 K/2J sin2(HB!liZ!l±M) 3^ - 1 2'+' sin^ (nm) 
P = 2^= = V V — ^ + f2^-n^^ + 2^ ^ ^ 

9 2"+'?m ^ 2 ( ■Kr{j/r'+h) \ ^ ^2'^+9 ^ „i„2 / Trrj \ ' 

h=-2i+^ J=l ^^^^ I J J=l I 2"+9 J 

The preceding formula yields the following lower-bound for Pq (see Appendix B), which is a 
generalization of our lower-bound formula H35|) for P : 



2 2r' sm vrx , \ 1 



P^) A a ^^5= ^ L^. i„ I - - 

7 16 



^2^^^ -^^(l-lV2WT) 

Fixing q and letting and r' approach infinity, we obtain 



h=-21+^ 



1 I vr2 Jo {x + /i)^ 



vr 



as an asymptotic lower bound for Pq. When g = 3, we have ^^^^ « 0.9937 

Fix q = 3. Clearly, the quantity on the right-hand side of (|37|) increases as any one of r',N, 
and k increases. Given q = 3, this quantity exceeds 0.99 when N = 2'^^,r' = 819, and k = 0. Thus 
if one uses a classical computer to check that the order r of 6 modulo N doesn't have the form 
2^c where c is an odd number satisfying 1 < c < 817, and A; is a nonnegative integer for which 
2^c < N, then one can be over 99% certain of success in finding a divisor of r on QC(3). Note 
there are fewer than 4091og2(-/V) numbers to check so that the checking may be done efficiently on 
a classical computer. 



Recall the well-known result 



f°° sint IT 

hi(ooj = / at = —; 

Jo 



t 2 

thus, given Shor's algorithm runs on QC(q), our asymptotic lower bound 2Si(2^ in) proba- 
bility of success approaches 1 as g — > 00, as expected. 
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Appendix A: Some Numerical Calculations 



To illustrate the correctness of our formula H34|) for P, we complete a case study here involving 
small values of and r: we take = 247 and 6 = 4 so that r = 18, which means k = 1 and r' = 9. 
We use Maple to calculate P two ways. 

(1) We use the (inverse) discrete Fourier transform^ to compute the coordinates, relative to the 
computational basis, of the state which is the state that results from applying the quantum 
Fourier transform to the periodic vector We plot the resulting probability amplitudes 
and sum those corresponding to basis states belonging to 

< 2 for some s G {1, 2, . . . , r — 1}| . 

(2) We use our formula H34() . 

The reader will see that the probabilities calculated by (1) and (2) agree to many decimal places. 

Maple Probability Calculation Based on Fourier Coefficients 

We suppose = 247 and 6 = 4 so that r = 18. Here, the output register will have no = 8 qubits 
and, following Shor, the input register will have n = 16 qubits. For simplicity we take xq = in 
and create a vector V corresponding to this state. Then we apply InverseFourierTransf orm(V) , 
plot the resulting probability amplitudes and sum those corresponding to the possible desired 
outcomes — those in the S. Here's the Maple code and output. 

>Digits:=20: 

>with(DiscreteTransforms): 

>V:=Vector(2'(16)): # V will store values of periodic function to which DFT applied; entries 
initialized to 

>m:=ceil(2^(16)/18); 

m .•= 3641 

>for k from to m-1 do V[k*18+l]:=l/sqrt(m): od: #Every 18th value of V set to l/sqrt(m) 

> Z : =InverseFourier Transform( V) : 

^As an operator, the inverse of the discrete Fourier transform is equivalent to what is caUed the quantum Fourier 
transform. 



y ■ 



s2" 



16 



> for k from to 2^6-1 do NZ[k]:=Z[k+l] od: #Re-index so that NZ[k] is amplitude of \k > 
for k = O..2I6-I 

>with(plots): 

>pointplot (seq( [p/2 ^ ( 16) ,abs (NZ [p] ) ^ 2] ,p=0. .2 " 1 6- 1 ) ) ; 



s = l,2,...,17. 

>for s from 1 to 17 do y[s]:=round(s*2"(16)/18): od: #Compute the nearest integers 
>Prob:=0: #After next loop Prob will be probability of observing an integer in {y[s] : s = 1..17} 
>for k from 1 to 17 do Prob:= Prob + abs(NZ[y[k]])'2: od: 

> Prob; 

.71982482558080545540 

>Probl:=0: #After next two loops Probl will be probability of observing an integer in {y[s]ibl : 
s = 1..17} 

>for k from 1 to 17 do Probl:=Probl + abs(NZ[y[k]+l])'2: od: 
>for k from 1 to 17 do Probl:=Probl + abs(NZ[y[k]-l])'2: od: 

> Probl; 

0.15577667957639559817 



i j.t.iii 



i.ni.i j 
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>Prob2:=0: 7^ After next loop Prob2 will be probability of observing the integer y[s] + 2 or y[s] 
- 2, whichever is closer to s2" 16/18 

> for k from 1 to 17 do 

if (round(k*2'(16)/18) < k*2"(16)/18) then Prob2:=Prob2 +abs(NZ[y[k]+2])"2 else Prob2:=Prob2 
+abs(NZ[y[k]-2])'2 fi; od: 

>Prob2; 

0.018781342656774252754 

>Prob + Probl + Prob2 + abs(NZ[y[9]+2])"2; # Yields probability that observed integer is 
in S-tilde; last term needed since both y[9] + 2 and y[9] — 2 belong to S-tilde 

0.89438284786571392115 

Probability Calculation Using Formula (|34|) for P 

> PP:= (k,n,m,rp)- > 2'k*2/(2"n*m)*sum(sum(evalf(sin(Pi*m*2"k*rp*(h+j/rp)/2"n)^2/ 

sin(Pi*2^k*rp*(h+ j/rp)/2"n)^2),j=l..floor(rp/2)),h=-2..1) + evalf((2"k -l)*m/2'n + 2*(2^k- 
l)/(2^n*m)*sum(sin(Pi*m*rp*2^k*w/2^n)"2/sin(Pi*rp*2'k*w/2"n)^2,w=1..2)): 

> PP(1, 16,3641,9); 
0.89438284786571368093 
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Appendix B: Proofs of Lower Bounds for Probability of Success 



Lower Bound on P Using Sine Series 

Recall our formula ()25() for P: 



2 Lr-72Jsin2 



/ -Kvaj \ 

\2n-k ) 



.-1 sin^ (^) 

where we assume r < N < 2"", = r with r' > 3 odd (and ^>0), ^ — 1 < m < ^ + 1, and 
n > no- Recall that uq is chosen to be the least positive integer such that 2"''' > N. Observe that 
m > TP' jr — 1 yields 

, r; ,m 1 1 1 1 1 1 1 
(38 2'=-!— >- . + — >- ^. 

Also observe that if j G |l, 2, . . . , §-J |, then our inequalites for m yield 

^ ' - 2n-fc 2" VrV V T^)\2) 2V 2"-"oy - 4 

Our goal is to establish the lower bounds (|27|) and (|28|) . The work is tedious but straightforward. 
Using the sine function inequalities p6|) , the second of which holds by (|39j) , as well as 

(40) (a) (1 - x)2 > 1 - 2x for x G (-cx),oo) and (6) = ^(^ + ^K^fe + 1) ^ 



6 



we have 



- 2 L^'/2J (|^-(|^)'/6) _ 
P > 2^=^ y ^ ^ + (2'=-!)^ (by®) 

2m I ^, I /^^ ^ 7rm \ 2 ( [^^//2j + i) (2 [r72j + 1) ^ 



(41) = VIA ^ - j 18 + (2 - 
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We continue the calculation, using (|5S|) . ^ + l>m>^ — 1, and [r'/2j = — 5, the latter fact 
holding because r' is odd. We obtain separate underestimates for the cases 

(a) A; > (so that r, which equals 2^r' , is even), and 

(b) A; = (so that r is odd and r' = r). 

For /c > 0, we have 



' 2"^fc^i /\2 2/\ \r' 2"^^ / 36 I j-' j- ^'n—k 



2n—k J \ 36 \ r' 2"^^^i 22"-— 2A: y / 7-' r 2"~^ 

For case (b), note that when k = the final summand in 1)41^ disappears. Thus for /c = 0, so 
that r = r', we have 



2*^ r 2"/ y 36 V r 2"-i 22 



2" rj \ 36 V ^ 2^^"^ 22" 

We analyze -Podd first. Recall that r < N < 2*^°, where r is the order of b modulo N. For now, we 
just assume n > uq. Note that if 2*^° (or 2"° — 1) is substituted into the quantity of (|43|) for any r 
appearing in the numerator of a fraction, the effect is to produce a smaller quantity; thus, we have 
arrived at the advertised lower bound (1271) for P when r is odd: 



1\ / 7r2 /r + 1 1 1 

odd > 1 - ^„_„„ - - 1 - t;^ — \- ^„^„,.-A + 



2n-no r J \ 36 V 2"~"o^i 22("-"o) 

We show that Podd > -70 assuming only that the difference n — uq > 11 and r > 41. Thus if 
N > 2^^ and r > 40 is odd, then Shor's algorithm, as it was described in his papers [Hlini) finds a 
divisor of r with probability at least 70%. Assume n — no > 11, then 

1 1\ / ^2 /^ + 1 1 1 
Podd >( 1 - — - - I I 1 - — ( + — + 



2" rJ \ 36 V r 2^^ 22(ii) 



Define / : [41,cx)) ^ R by 



^ , 1 1\ / 7r2 /r + 1 1 1 
f^'^=^'-¥^--r ^"36 1^ + ^ + ^ 
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It is easy to show that / has positive derivative on [41, oo) and /(41) > .70, which verifies our 
claims concerning successfuUy finding a divisor of r in case r is odd. 

Now we turn to the case A; > so that r = 2^r' is even. Using (|42|) along with k < uq and 
r < 2""", we obtain the advertised lower bound H28|) for P given r is even: 

1 1\ f TT^ fr' +1 1 1 



2"— no r' J \ 36 \ r' 2"~"o— 2 22{n— ^o)— i 

1 1 



+ -1 



r' 2'^r' 2"~"o 

We continue to assume that r > 40 and n — uq > 11. Because 2^r' > 40 we may work with the 
following four cases (1) A; > 4,r' > 3, (2) A: = 3,r' > 5, (3) A; = 2,r' > 11, and (4) A; = l,r' > 21. 
We handle these cases separately. Case 1: if we assume that A; > 4, we can say 

1\ / TT^ fr' + 1 1 1 \\ 1 1 1 

Pe.en >(!- — - -)(l- — I — + " + — 1 I + - 



2" r' J \ 36 V r' 2^ 2^^ J j r' 16r' 2^^' 
Define / : [3, oo) ^ R by 

f('\-( ^ M 7r2/r' + l 1 1 \\ 15 1 

It is easy to show that / has a global minimum on [3, oo) at tq := 9(524288-56977^) ~ ^'^"^ \h.a\j 
firo) > .72. 

Case 2: For A; = 3, r' > 5, we can say Pcvcn > /('^')> where / : [5, 00) ^ R is given by 
/^ / 1 1\ / vrV^' + l 1 1 \\ 7 1 



2" r'J\ 36 V r' 2^ 2"^^ J J 8r' 2" " 

It is easy to show that / has positive derivative on [5, 00) and /(5) > .71. 

Case 3: For k = 2, r' > 11, we can say Pcven > /(^O) where / : [11, 00) — > R is given by 

, / 1 1\ / 7r2 /r' + l 1 1 \\ 3 1 

It is easy to show that / has positive derivative on [11, 00) and /(II) > -70. 

Case 4: For A; = 1, r' > 21, we can say Peven > /(^')i where / : [21, 00) ^ R is given by 

r' [ 36 V r' ^ 29 ^ 221 i j + 2r' 2" " 
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It is easy to show that / has positive derivative on [21, oo) and /(21) > .70. 

The preceding four cases justify our claims concerning the probabihty P of success when r is 
even, and thus, complete our proof that if Shor's algorithm is carried out with an input register 
having the size described in Shor's original paper, then the probability of finding a divisor of the 
period sought exceeds 70% (as long as r > 40 and N > 2^^). 



Bounding P Below by an Integral 

We provide a lower bound for P in terms of an integral. We start with a representation of P 
derived from our formula and equation (^l)) : 

o L'-'/aj sin^ ( ZLEHlz/rO A 
(U) p = 2^—— V !^ - L + (2^-i\!Il. 

where r < N < 2"° , ^ — 1 < m < ^ + 1, and 2'^r' = r with k a nonnegative integer and r' > 3 odd. 
We assume that n satisfies 2" > A^^ and that r < N. Recall that since r' is odd, — ~ l)/^- 

Our approach to finding a integral-based lower bound for P is not the simplest possible one. 
We use methods here that will be required in our work to underestimate Pq in the final subsection 
of this appendix. 



Lemma 4 For j € {1,2, ... , % }, 



sin^ I - — — - I > sin^ I — ^ 



(■Kmr{i/r')\ . 2 / ^rj vrj 



Y 2" / V r' 2"-~^ 

Proof. Using 2"/r + 1 > m > 2"/r — 1, we see that the argument of the sine function on the 
left in the lemma statement satisfies 

...X f j . j \ . TTmr{j/r') f j 



n—k I 2"' V r On—k 



Note that the rightmost expression in (|^^ is positive: nj ^p- — = vrj (^^rrp-^ > 0. The 

following simple computation shows that leftmost quantity in ()45() is less than tt/2 for all j between 
1 and lr'/2\ = (r' - l)/2: 
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Assuming j < , we have 



, 3 . J 



'2n—k 





V2 


1 

2? 


r'-l 
2 • 2"-^ 


IT 


TT 


(i 


2^(r'- : 


2 


2 




2" 


vr 


TT 




-'•('•' -i; 


2 


~ 2 




2"r' 


TT 








2' 









< 

where the inequahty on the final fine follows because the quantity inside parentheses on the penul- 
timate line is positive (2" — r(r' — 1)) > 2" — > 2" — AT^ > 0). Thus, because the sine function 
is increasing on [0,7r/2], we will obtain an underestimate of sin ^ ^"^K?/^ ) ^ by replacing '^"^Kj'/'' ) 

with ijj — 1 which yields the lemma./ / / 

Lemma 5 For real numbers a and b we have 

sin2(a ± 6) > (sin^ a)(l - 6^) - 2|5|| sin a\. 

Proof. Using the angle addition formula for the sine function and then 
(46) (s - tf > - 2st, 

which is valid for all real numbers s and t, we find 

sin^(a lb 6) > (| sin(a) cos(6)| — | sin(6) cos(a)|)^ 

> sin^ (a) cos^ (6) — 2| sin(6)|| sin(a)|| cos(a) cos(6)| 

> sin^ (a) ( 1 - sin^ (6) ) - 2 1 sin (6) 1 1 sin (a) | 

> sin2(a)(l-62)-2|6||sin(a)|./// 
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Using LemmalU and replacing sin^ ^ 7rr(j7r ) ^ -^^i;]^ i^j^g larger quantity { ^^^i^i^' , we have 



(47) 



P > 



2^(2) ™ - ^ 

2"m 



E 



2" 



m 



+ (2'=_1)_. 



We seek to find an easily computable lower bound for the quantity in square brackets in the 
preceding inequality; calling this quantity Q we have 



(48) 



(49) 



Q 



2k+i I I 



sin^ ( Hi - ^ 



E 



> 



2 ( 1 L;V2J sin^ (^) (l - (^) - ^ sin (^) \ 



(vr2)ff 



^ \r'/2\ sin^ 



We 



where to obtain ()49() . we have used ^ = p- as well as Lemma El with a = ^ and 5 
continue the calculation, underestimating the quantity on line ()49p by replacing the first occurrence 
of 7rj/2"~'^ with gSr, which exceeds its maximum possible value 7r(r' — l)/2"~'^"'"^, replacing ^ 
with (1 + ^), and separating the sum: 



(50) Q > 



(vr^) (1 + #r) 



1 ^tC^J (^) (i - (#^^)') 1 ^ - (^) 



V 



We make the subtracted quantity in (jSUf) larger by replacing sin(7rj/r') with vrj'/r'; we also cancel 
j's and r"s, obtaining 

. 2^ 



2 1 



Q > 



-.1 2-^ 



vr 



,• \ 2 



V 



(1 + It) 2 



We increase the subtracted quantity on the preceding line by replacing 1/(1 + r/2") with 1 and 
we decrease the initial quantity by viewing the sum in parentheses as a Riemann sum with a 
left-endpoint selection for the decreasing function x i— > sin^(7r3;)/3;^ on ^ + j-r]: 



2 1 



Q > 



( Trr V 



(^2)(1 + |,) Jy 

, 2 



2 ■ sin2(7rx) , 2'=(r' - 1) 
7, ax — 



(51) 



> 



2"+i 



1 + 25r \vr^ Ji/r' 



l+ST' sin^(7rx) 



in— 1 



in— 1 ■ 
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Thus, starting with (jl7)) and using the definition of Q, the underestimate for Q, as well as 
(|n5|) . we have 



P > 



( 2"+i ) 



2 /■2 + 2r' sin^(7rx) 



1 + — 



, \ r 112'= 

ax r H — 7 • 

/ 2"-i r' r 2" 



Because r < N < 2"/^, we have ^ < 4^; using this as well as 2'=/2"' < r/2" and r = 2^r' yields 



P > 



' 2r' sin^(7rx) 



1 + ^ Jl/r' 

which is the advertised lower bound (^U)) on P. 



dx 



3 1 

+ 



N r' 2^r'' 



Bounding Pq Below (Including Pq = P) 

We derive the lower bound (|57j) for Pq, which upon letting q = Q yields the lower bound (1^5]) for 
P. We depend upon the results of the preceding subsection along with the following three Lemmas. 

Lemma 6 E~=i j~r^ < 6 



Proof. 



l^2 



4 + E 



h=2 



(h 



1)2 



< 4 + 



1 

1/2 



dx 



6./// 



Lemma 7 For every integer h and every nonnegative integer q, 



2 fiTmr{j/r' + h)\ . 2 f -^rnr^j /r')) 
sm I r— r- I > sm 



vr/ir 
2"+g 



vr/ir 



2n+q 



Proof. Let W = sin^ 
W > 



2 f ■JTm,r{j /r' +h) 
2^+1 



TTmr(j/r')) 
sm I ^-^ — — I cos 

2"+9 



. 2 (TTmr{j/r')) ^ 2 
> sm — ; cos 



We have 
Trhmr\ 



2n+q j 

iihmr\ 
2"+g ) 



Trhmr\ ( TTmr(j/r')) 
sm I — — cos ^ ' " 

2n+q J \ 2"+'? 

/ iThmr\ 

sin ; — 

V 2"+9 / 



\ 2n+q 

where, to obtain the second inequality, we have used H46() as well as 
sm " cos — cos — — 



< 1. 
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We continue the calculation, using = 1 + x, where — ^ x < r/2"^'^ 

2 f 7rmr{j/r')) 



W > sin^ 



> sin 



> sin 



as desired./ / / 



2n+q 



l-sin^(7r/i(l+2;)) -2 



( ) I 1 - COS {Tih) sm (vr/ix) 

2 / 7rmr(j7/)) \ ( / irh 
V 2"+'' J \ V2"^ 



sin (7r/i(l + x)) 
cos(7r/i) sin(7r/i2;) 



Lemma 8 For every nonzero integer h and odd integer r' > 3, 



(52) 



Proof. For every integer /i, let 



(53) 



2 27^ sm (vrxj , 

^ ' (^W " 



sm vrx 1 



(x + hY ' 



Assume /i is a negative integer. As x increases from to 1/2, sin^(7ra;) increases and (x + h)'^ de- 
creases (since h < —1). Thus fh is an increasing function of x when h is negative. View the left-hand 

side of (|52|) as a Riemann sum for fh corresponding to the partition V := < [0, p-], [p-, p-], . . . 



r±_3 r± 
2. 2. _2_ 



of 
on 



' 2 2r' 



with right-hand selection points SP := {p-, p-, . . . , ^ }. Because, //j is increasing 

0, ^ — 277 , the Riemann sum overestimates the integral. Hence, ()52() holds. 

Now assume that /i is a positive integer. In this case, the function //^ increases up to a maximum 
occurring at "rEin(/i)", which is a little less than 1/2, and then decreases. For example, Xm(l) ~ 
0.4303 for the function f\ whose graph appears in Figure 2. To establish the lemma for positive h 
we will need to used the following easily verified facts: 

(a) For every positive integer /i, the point x^ai}^ where attains its maximum value on [0, 1/2] 
exceeds 0.43. 

(b) For every positive integer /i, there is a positive number a < 1/4 such that the graph of fh is 
concave up on [0, a] and down on [a, 1/2]. 



26 



Note that if r' = 3, 5, or 7, then the interval of integration on the right of 1)52(1 is contained in 
[0, 0.43]. Since fh is increasing on [0,0.43] for every h, ()52() holds for r' = 3,5,7 by the argument 
applied above for negative values of h. Thus we assume r' > 9. 

For the remainder of the argument j is used to denote an integer in {1, 2, . . . , (r' — l)/2}. Define 
ja to be the least positive integer such that ^ — > o- Because the graph of fh is concave down 
on (a, 1/2], for all j > ja the integral 



is less than the area f{j/r')l/r' of the trapezoid (pictured in Figure 2) bounded by the x-axis, the 
vertical lines x = — i^, x = + 277, and the line tangent to the graph of fh at (j/r', f{j/r')). 
It follows that 



(54) 




r' 



'2r' 



(55) 





Figure 2: The trapezoid pictured has area exceeding the integral of /i over 

1 - J- i -L J_] 
r' 2r' ' r' 2r' ' 



For values of j < ja, note that ^<a + -^<\ + jg< 0.43 so that fh is increasing on the 
interval p- — p-, . Hence for such a j, the integral 



(56) 
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is less than f{j/r')l/r'. From this it follows that 



(57) 



1 



7 H 



J 



> 



fhix)dx. 



Combining and ((F7|) yields 



1 



(r'-l)/2 



7 II •/'/'(l7 



> 



jg-l 



fh{x)dx + 



Ja 1 
2r^ 



(58) 



/. 



i_ 1 

2 2r^ 



fh{x)dx + 



1 1 

2 2j- 



//i(x) 
fh{x)dx 



_ 1 



Jg-l 



fh{x) dx . 



We complete the proof of the lemma by establishing that the quantity in parentheses on the right 



of l|58jl is nonnegative. It suffices to show that the minimum value of fh on 



1 1 

2r' ' 2 



exceeds the 



maximum value of fh on 
integer. Since 

(59) 



1 

2r' 



We continue to assume that h is an arbitrary positive 



ja 1 111 

7-^<« + ;7<T + ::<0.43, 



2r' - r' - \ 9 
and fh is increasing on [0, .43], the maximum value of / on 



Jn-l ja. 



1 

2T-' 



minimum value of fh on 



1 ]_ 1 

2 2r' ' 2 



is A (^-27^)- The 
occurs either atL:=^ — 2p-oratl/2. A computation shows 
fh{l/2) > //i(l/4+ 1/9); thus by (|59jl and the fact that fh is increasing on [0, .43], we may conclude 
fh{l/2) > fh — as desired. As for L, there are two possibilities, (i) L G [xm(^),l/2] or 

(ii) ^ - ^ < L < Xm{h). In case (i), f{L) > fh{^/'^) > fh{^^ - ^) and in case (ii), the desired 
inequality holds since fh is increasing on [0,Xm (/*-)] • /// 



We are now in position to find a lower bound for Pq in terms of integrals of the functions fh 
defined by (|53|) . We begin with our exact formula for Pq from Sectional obtaining an underestimate 
for Pq by eliminating the final term in the formula (which is clearly nonnegative): 



29+1-1 lr'/2\ - 2 ( TT7nr{j/r'+h) 



(60) 



Pq > 2" ■ 



E E 



^, . =1^,2 f 7Tr{j/r'+h) \ 

Using r < N/2, < 2" and Lemma |7| we obtain 
2 / TTmr{j/r' + h) 



+ (2'^ - 1) 



m 

2n+q ■ 



(61) 



sm 



2n+q 



> sin 



V 2^+<J J [ \2i+'^N J / 21 N' 
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Because we are assuming j varies from 1 to [r' /2\ , ^ < < 1/2; and thus we have for every 

integer h, 

(62) . ..< I"l .,<4 



{i,+hf * (ifti-i)' 



Using (|6T|) and (|6(H) . we have 



29+1- 



. 2 f 7Tmr{j/r')) \ ( -, / Trfe V 
1 Lr72j V / I V2«^ J 



29 AT 



p > 2 

1 - 



E E 

/i=-29+i i=i 



sm 



2 f TTr{j/r'+h) 
2"+<3 



+ (2^= - 1) 



m 



> 



k^i 29+1-1 / K/2J sin2 (HIHl^) ( 1 - (2^)') - |g\ 

E ^ E ^ ^ 



(vr2)2?^ 



(63) > 



2^ /i=-29+i 

7r29+l ^ 
29+iAr 



2"+9 



29+1-1 

E 

/i=-29+i 



(j/r' + 

K/2J sin2 (zniEgZiOy 



+ (2^ - 1) 



m 

2n+q 



1 



E 



29+1-1 



E/ I »./ E/ 



n\h\ 



2iN 



+ (2^ - 1) 



m 

2n+q ■ 



where (jHSJ follows from the line that precedes it by replacing the first occurrence of h in the 
numerator with its maximum possible absolute value (namely 2'^"''^), by separating the sum, and 

by using — = ^. Continuing the calculation, we have 



Pq > 



(64) 



(l-(f)^)2^+i 29^-1 /iLgJsin2( 



TTmr{j /r') 
2"+9 



(^2)^ 



2^1+9 



/i=-29+i 

2 



29 + 1-1 



Lr'/2J 



> 1 



(vr2?iV)^ 

2\ 29+1-1 



E 

/i=-29+i 



2"+9 /i=_29 + l 

2^+1 



r' (1/^1-1/2)2 



+ (2^ - 1) 



m 

2n+q 



2'?+28 Lr72j 



1 L / J sm 2"+9 — 
r (j/r' + /i)2 



7T^ + (2 -1)^ (bydSl). 



2^ + <3 



Using Lemma0J with n + q replacing n, we obtain, for h £ {— 2'^"''^, . . . ,2''+^ — 1}, a lower bound 



29 



on the square-bracketed quantity in (|64() : 



(65) 



2fc+i 



(vr^) 




(j'/r' + hf 



> 



^^)^ U ~ (j'/r' + 



.2/22 



The right-hand side of the preceding inequahty, with /i = 0, is identical to Q of 1)481) with n + q 
replacing n. Thus our work bounding Q below culminating in (|51|) shows 

2/c+i ^ ]^ sm ^^ 2"+9 / 1 > V2"+9+i J [ 2 



(66) 




(i/r' + 0)2 



1 + 



2^ 2r' sm vrx 



dx 



Thus we have a lower bound for the h = summand of ()64() . To bound below the other summands 
in (jnU, i.e. those corresponding to /i G {—2''+^, . . . ,2'^^^ ~ 1} \ {0}? we again cycle through the 
lower bound calculation for Q, 1)48^ through (|51|) : this time with two substitutions: n + q replacing 
n and j/r' + h replacing j'/r' in the denominator. Underestimate ()5fl)) becomes 

. 2^ 



2 l-(^) L;72J sin^r^) 



1 



(7r2) ( 1 + 



Lr'/2J 

7 E 



2^^+^— fc- 



T sin (^) 



(^2)(i + ^jr ^.^^ 



We make the subtracted quantity in (jHTj) larger by replacing {j/r' + h)'^ with {\h\ — 1/2)2, sin(7rj7r') 
with nj/r' , and we also replace 1/(1+ gTir^) with the larger number 1. Thus the subtracted quantity 
in (|67)) is less than 



(vr2) 



< 



V 



,=1 g^i-y ; 2"+'/-'=-i(|/i| 2 

The quantity on the right in parentheses simplifies: 




1 



,./2 



(r'-l)(r' + l) ^ r' + l 



where we have used 



6 24r' - 24 ' 

= Thus the subtracted quantity (|B7|l is less than or equal to 

(r' + 1) 



and, by Lemma |H1 the initial quantity in ()67() is greater than or equal to 



2 1 



f nr V 
1^ 2"+'?+l J 



(^2)( 



1 + 



2"+i 



1 1 ■ 2^ \ 

2 27^ sm vrx 



(x + /i)2 



(ix. 
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Using the preceding two observations as well as 2^r' = r, r < < — n— , and r + 2^ < 2r, we have 



2 1 



2 

2^ 



Quantity (jnZI) > — y r-^ / ^' J, dx 



V sin^(7rx) r + 2^^ 



(7r2)(l+2^) h {x + hY 12.2"+5-i(|/i|-i)' 



^ 1 - (2^) / 2 ri~lP sm^jiTx) 1 



1+2^ + y 12 •iV2«-i(|/i|- 1/2)2 



/ N ^/ / 2 /■ 2 27^ sin^fyrx) , \ 

(68) = CfeA-jUl (^^dx -LW, 



where we have defined 



^ ~ V 29 + 2 AT 



Notice that for nonzero /i, our under-approximating integral from H58j) has limits from to ^ — 
whereas that for the /i = case has limits from p- to ^ + gp-- To make our final lower-bound formula 
for Pq simpler, we adjust the under-approximating integral from (|66|) for the h = case as follows: 

i+ST' sin2(7ra;) /"s+iT^ sin2(7rx) /"T^ sin2(7ra;) 

K dx = 5 dx — 5 dx 

l/r' X^ Jo Jo X"^ 

f\^27 sin^(7rx) vr^ 
> / :5 dx -, 

Jo x^ r 

where we have used the nonnegativity of the integrand as well as sin^(7rx)/x^ < vr^ to obtain the 
inequality. Thus becomes 

^'k-t-l /1 Lr'./2J ^,;„2 f TTmr{j/r') \\ , f 7rr \ ^ .1 l ■ 2/ N \ 

~ 1^ 1^1 , n^2 - 1 I r 32 /„ l2 



1 ~ (^21 + 9 + 1 ) 



2 

2 



2 



^ l-(lv#F7j /2 /-l-aT^ sin2(7rx) 2 1 



11-2/ 



(70) = C(,.N)^r'^'^d.]-m, 



vr^ Jo 
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where L(0) := p- + j^. 

Using ((7n|) to bound below the /i = term of the sum on hne (|BHl and using (j^S)) to bound 
below the terms corresponding to /i 7^ 0, we obtain 



^ ' ' ^ '^2 2r' sm vrx 



29+28 ^//2J ^ m 



- L{h) 



+ (2'= - 1) 



The preceding inequality will yield the advertised bound iPTTj) for Pq after a few more steps. Using 
^ [r72j < 1/2, m > ^ - 1, and r < N/2, we have 

29+28 \r'/2\ 16 



(-2'^^-')#f.-.iv(l-^) 
Using 2^ < r < N/2 and again using m > — 1, we get 



m , 1 1 2^= 1 1 1 1 



f73) f2 — 1) > I > 

^ ^ ^ ^2"-+i ~ r' r 2"+5 2"+'? r' 2^r' N2i+^' 



Finally, 



2'J+l_i 29+1-1 

/i=-2<?+i ^ _ _2g+i ^' ' ' ^ 

/i / 

< 1 J_ 1 V ' ^ 



r' Af29 12 • iV25-i \^ (|/i| - 1/2)^ 



2 1 12 3 

< ^ + TTTTT + tt:^:-^ = ^ + 



A^29 iV29-i r' N21 
where Lemma IHl provides the final inequality. 

/Ft'JI V , , ,, , , 



Beginning with (|71j) and then using ((7^ . (f7H|) . and X]?!^_29+i ^(^) = P' + 'we have 



/j=-2'3+i 



16 111 

+ 
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Substituting 1 for ^1 — (;^)^) the second time it appears on the right of the preceding inequahty, 
simphfying, and using the definition of C{q,N), we arrive at the advertised lower bound on Pq-. 



2 27^ sin (vrx) , \ 1 



7 16 
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